10
votes
Feature Request: SQRL authentication
Hi,
I found an SQRL client on F-Droid, it seems like a pretty good concept, any thoughts on this?
Here are the docs https://www.grc.com/sqrl/sqrl.htm
I also opened a issue on gitlab so it can be commented also there https://gitlab.com/tildes/tildes/issues/304
Agreed that a tried-and-true standard is preferable to something novel, particularly when it comes to security. I do think SQRL is a solid concept, I hope to see it put through the wringer and adopted en masse someday, it's just too early now. Technically it hasn't even been released yet.
I am curious about your phrasing though, do you have something against Steve Gibson? Maybe I'm just finding meaning where none was intended. I've listened to his podcast for years and think he's a smart and talented guy, if a bit of an old-school outlier in the tech landscape.
Haha, fair enough. No arguments there!
+1 Many of us already have 2FA apps installed and use them for many other websites. Almost every major website supports it now.
Tildes supports 2FA as well. I use Google authenticator with it.
Are there a significant amount of other site that use SQRL? Forgive my ignorance, but this is the first time I’ve seen anyone reference it outside of Steve Gibson on the Twit security podcast.
No, Steve hasn’t formally released it yet. Anyone can implement it in its current form but they would be early adopters.
It’s been several years since he announced it right?
I think that's true, but remember it's one man's labor of love, it's a side project. Most of his time goes to commercially viable work like his security show and his software company.
Nope, I just saw the app on fdroid and found it to be a nice concept, maybe too fresh to be in production :/